Vulnerability Scanning Policy
Purpose
This policy establishes the minimum requirements and responsibilities for scanning software and hardware tools for vulnerabilities and malware prior to implementation in the Uncanny Software environment.
Scope
This policy applies to all individuals with access to Uncanny Software information.
Policy
Program
Internal Scanning - All Uncanny Software hardware development systems are to be scanned via our endpoint security software administered by our IT department.
External Scanning - Uncanny Software will remain subscribed to Security Scorecard for monthly scanning of potential vulnerabilities across Network, DNS, Application Security, IP reputation, Endpoint Security, Cubit Score, Hacker Chatter, Information leak and Social Engineering. In addition, we will conduct an annual third-party penetration test.
Enforcement
Policy Sanctions – Uncanny Software must implement sanctions against employees and third parties who violate the policies.
Exceptions
Exceptions to Policies — Exceptions to information security policies are permissible only in those instances where the request has been approved by the Head of Information Security.
Responsibility Assignment
Information Security Team Responsibilities - The Information Security team is responsible for establishing and maintaining company-wide information security policies, standards and procedures.
Policy Review
Review of Information Security Policy Documents - Information security policy documents should be reviewed, if necessary, on an annual basis by the Information Security team, or when a significant change occurs.
Other Requirements
Laws, Regulations and Contractual Requirements - The Information Security team must collaborate with the Legal team as needed to ensure that information security program components are continuously in compliance with applicable laws and regulations, and contractual obligations with Uncanny Software customers.
Violations
Any violation of this policy may result in disciplinary action, up to and including termination of employment. Uncanny Software reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. Uncanny Software does not consider conduct in violation of this policy to be within an employee’s or partner’s course and scope of employment, or the direct consequence of the discharge of the employee’s or partner’s duties. Accordingly, to the extent permitted by law, Uncanny Software reserves the right not to defend or pay any damages awarded against employees or partners that result from violation of this policy.
Any employee or partner who is requested to undertake an activity which he or she believes is in violation of this policy must provide a written or verbal complaint to his or her manager, any other manager or the Human Resources Department as soon as possible.
References
ISO/IEC 27001:2013 – A.6. Organization of information security
Related Documents
No documents listed